NextApp Echo < 2.1.1 XML Injection Vulnerability

No description provided by source. SEC Consult Security Advisory 20090305-0 ======================================================================== title: NextApp Echo XML Injection Vulnerability program: NextApp Echo vulnerable version: Echo2 2.1.1 homepage: http://echo.nextapp.com/site/echo2...

Outlook Web Access 2007 CSRF Vulnerability

No description provided by source. Source: http://sites.google.com/site/tentacoloviola/pwning-corporate-webmails Demo: http://www.youtube.com/watch?v=Bx-zfu0uXYg After Nduja Connection worm and the Memova issue, it's now time to shed a light on vulnerabilities affecting corporate webmails. And wh...

Vizer Web Server 1.9.1 - Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9678/info It has been reported that Vizer Web Server may be prone to a remote denial of service vulnerability that may allow an attacker to cause the affected server to crash, denying service to legitimate users. Vizer We...

Softrex Tornado WWW-Server 1.2 - Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7716/info A buffer overflow vulnerability has been reported for Tornado www-Server. The vulnerability exists when Tornado processes overly long HTTP requests. This will result in the server crashing. Although unconfirmed,...

MiniShare Server 1.3.2 - Remote Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10417/info Minishare is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to handle improperly formed HTTP requests. This issue will allow an attacker to cause the...

Stark CRM 1.0 - Multiple Vulnerabilities

No description provided by source. ? Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities Vendor: IWCn Systems Inc. Product web page: http://www.iwcn.ws Affected version: 1.0 Summary: This is a light weight CRM which simplifies process of managing staff, client and projects...

Netscape Enterprise Server 4.1 HTTP Method Name Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6792/info It has been reported that iPlanet Web Server and Netscape Enterprise Server are prone to a remotely exploitable buffer overflow condition. This is due to insufficient bounds checking when handling HTTP requests...

Gattaca Server 2003 Null Byte Path Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error...

Sixnet Sixview 2.4.1 - Web Console Directory Traversal

No description provided by source. Exploit Title: Sixnet sixview web console directory traversal Date: 2014-04-21 Exploit Author: daniel svartman Vendor Homepage: www.sixnet.com Software Link: Not available, hardware piece - appliance Version: 2.4.1 Tested on: Sixnet Sixview web console Linux bas...

Microsoft IIS 4.0/5.0 Executable File Parsing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a specially formed...

SquirrelMail 1.2.11 Administrator Plugin options.php Arbitrary Admin Account Creation

No description provided by source. source: http://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. The problems appear to occur due to insufficient sanitization...

SquirrelMail 1.2.11 Remote Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. The problems appear to occur due to insufficient sanitization...

SquirrelMail 1.2.11 move_messages.php Arbitrary File Moving

No description provided by source. source: http://www.securityfocus.com/bid/7952/info Multiple vulnerabilities have been reported for Squirrelmail which could allow for information disclosure, data corruption, and privilege escalation. The problems appear to occur due to insufficient sanitization...

GoAhead Webserver 2.1.x ASP Script File Source Code Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9239/info A vulnerability in GoAhead webserver may result in the disclosure of the source code of ASP script files. The vulnerability occurs because the application fails to sanitize HTTP requests. An attacker can append...

Simple Machines Forum <= 1.1.6 (LFI) Code Execution Exploit

No description provided by source. !/usr/bin/perl @title: Simple Machines Forum Code Execution @versn: = 1.1.6 @authr: elmysterio a.k.a us @stats: DROPPED!!!!!!! @descp: In loving memory of the rare bone marrow disease that killed rgod. We can't thank you enough for killing a bug killer. @bug :...

Apache Web Server 2.0.x MS-DOS Device Name Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/6662/info A vulnerability has been reported in Apache Web server for Microsoft Windows. The vulnerability exists in the way some HTTP requests are handled by the Apache Web server. Specifically, HTTP GET requests that...

Polycom ViaVideo 2.2/3.0 - Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5962/info Polycom ViaVideo devices are prone to a denial of service condition upon receipt of numerous incomplete HTTP requests. This may restrict availability of the device for legitimate users. The device may need to be...

Nokia Electronic Documentation 5.0 Connection Redirection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8625/info A vulnerability has been discovered in Nokia Electronic Documentation NED that may allow an attacker to redirect connections to a third party system. The problem likely occurs due to the NED server failing to...

Boa 0.93.15 Administrator Password Overwrite Authentication Bypass Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25676/info Boa is prone to an authentication-bypass vulnerability because the application fails to ensure that passwords are not overwritten by specially crafted HTTP Requests. An attacker can exploit this issue to gain...

CUPS 1.1.x Cupsd Request Method Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7637/info The cupsd has been reported prone to a denial of service vulnerability. Reportedly the cupsd does not adequately apply a time-out process for malicious HTTP requests and service is denied to subsequent cupsd...